ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-102 All Questions

View all questions & answers for the MD-102 exam
Go to Exam

Exam MD-102 topic 1 question 149 discussion

Actual exam question from Microsoft's MD-102
Question #: 149
Topic #: 1
[All MD-102 Questions]

HOTSPOT -


Case study -


Overview -

ADatum Corporation is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

ADatum has a Microsoft 365 E5 subscription.


Environment -


Network Environment -

The network contains an on-premises Active Directory domain named adatum.com. The domain contains the servers shown in the following table.



ADatum has a hybrid Azure AD tenant named adatum.com.


Users and Groups -

The adatum.com tenant contains the users shown in the following table.



All users are assigned a Microsoft Office 365 license and an Enterprise Mobility + Security E3 license.

Enterprise State Roaming is enabled for Group1 and GroupA.

Group1 and Group2 have a Membership type of Assigned.


Devices -

ADatum has the Windows 10 devices shown in the following table.



The Windows 10 devices are joined to Azure AD and enrolled in Microsoft Intune.

The Windows 10 devices are configured as shown in the following table.



All the Azure AD joined devices have an executable file named C:\AppA.exe and a folder named D:\Folder1.


Microsoft Intune Configuration -

Microsoft Intune has the compliance policies shown in the following table.





The Automatic Enrollment settings have the following configurations:

• MDM user scope: GroupA
• MAM user scope: GroupB

You have an Endpoint protection configuration profile that has the following Controlled folder access settings:

• Name: Protection1
• Folder protection: Enable
• List of apps that have access to protected folders: C:\*\AppA.exe
• List of additional folders that need to be protected: D:\Folder1
• Assignments:
- Included groups: Group2, GroupB


Windows Autopilot Configuration -

ADatum has a Windows Autopilot deployment profile configured as shown in the following exhibit.



Currently, there are no devices deployed by using Windows Autopilot.

The Intune connector for Active Directory is installed on Server1.


Requirements -


Planned Changes -

ADatum plans to implement the following changes:

• Purchase a new Windows 10 device named Device6 and enroll the device in Intune
• New computers will be deployed by using Windows Autopilot and will be hybrid Azure AD joined.
• Deployed a network boundary configuration profile that will have the following settings:
- Name: Boundary1
- Network boundary: 192.168.1.0/24
- Scope tags: Tag1
- Assignments:
- Included groups: Group1, Group2
• Deploy two VPN configuration profiles named Connection1 and Connection2 that will have the following settings:
- Name: Connection1
- Connection name: VPN1
- Connection type: L2TP
- Assignments:
- Included groups: Group1, Group2, GroupA
- Excluded groups: --
- Name: Connection2
- Connection name: VPN2
- Connection type: IKEv2
- Assignments:
- Included groups: GroupA
- Excluded groups: GroupB


Technical Requirements -

ADatum must meet the following technical requirements:
• Users in GroupA must be able to deploy new computers.
• Administrative effort must be minimized.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Monades at Oct. 17, 2023, 4:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BJS78
Highly Voted 1 year, 9 months ago
User1, User3 can enroll only. Device1, Device3 can be enrolled with Autopilot only. So I would vote on: Y-N-Y (opposite of the answer)
upvoted 32 times
...
Contactfornitish
Highly Voted 1 year, 10 months ago
The question doesn't talk about any specific device but windows 10 device in general. Automatic enrollment of a device depends on two factors, if the user has at least E3 license which would include relevant EMS license and if the user is in MDM scope. Here all users have the license so first condition is ok but when it comes to second condition then only user1 and user 3 are part of groupA so only those can join the devices.
upvoted 21 times
...
b78d6dc
Most Recent 5 months ago
https://learn.microsoft.com/en-us/mem/intune-service/enrollment/windows-enroll#:~:text=When%20a%20user%20is%20in%20both%20the%20MDM%20user%20scope%20and%20WIP%20user%20scope%3A
upvoted 1 times
...
Alex_UC
9 months ago
YNY also for me, MDM scope is assigned to groupA and if a user have MDM scope and MAM scope assigned MDMscope have the precedence
upvoted 2 times
...
AleFCI1908
9 months, 1 week ago
Y N Y , the opposite!!! 1 and 3 can use MDM, number 2 only MAM so no enrollment
upvoted 1 times
...
bigreg
11 months ago
I agree should be Y N Y, User 2 not in Group B
upvoted 3 times
...
EUC_PRO
11 months, 1 week ago
YNY User 2 is not in Group B, so is not in the MDM user scope
upvoted 2 times
...
Cezt
1 year ago
Y,N,N mAM wins over MDM
upvoted 2 times
oopspruu
12 months ago
This is a pure nonsense reason. MAM has nothing to do with MDM over "winning over it". MDM is for enrolling devices whereas MAM defines Application Management.
upvoted 4 times
Alex_UC
9 months ago
correct answer is YNY but you comment is wrong. MDMscope wins over MAMscope.. is wrtten here:https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#enable-windows-automatic-enrollment. What is you talking about is a complete other thing
upvoted 1 times
...
...
...
oopspruu
1 year ago
YNY MDM Scope allows Group A Note than Group B is NOT excluded, it simply isn't assigned. Which means User 3's membership in Group A will be honored.
upvoted 1 times
...
b3c32d7
1 year, 2 months ago
Auto pilot enrolment profile says only Group 1 included and Group 2 excluded, it doesn't mention Group A and B, so I thought no one will be enrolled, ideas please
upvoted 1 times
...
MR_Eliot
1 year, 5 months ago
YNY • MDM user scope: GroupA • MAM user scope: GroupB User1: Cloud device administrator GroupA YES User2: Azure AD Joined Device Local Administrator GroupB NO User3: Global Reader GroupA, GroupB YES
upvoted 7 times
...
Merrybob
1 year, 6 months ago
YNY for me as well. Users all have the licenses required (Ref: https://learn.microsoft.com/en-us/mem/intune/fundamentals/licenses#:~:text=Enterprise%20Mobility%20%2B%20Security%20E3) Users 1 and 3 have the MDM scope and there's nothing stopping those devices from enrolling. User 2 is part of the MAM scope and cannot enroll.
upvoted 5 times
...
yosry
1 year, 7 months ago
YNY IS CORRECT
upvoted 5 times
...
madsa
1 year, 8 months ago
I agree should be Y N Y, but please do confirm your answer.
upvoted 5 times
...
fco168
1 year, 9 months ago
Agree with Contactfornitish, Monades and BJS78.
upvoted 2 times
...
Monades
1 year, 10 months ago
Shouldn't it be the opposite? Only User1 and User3 have the MDM User Role.
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel